DRAC 2000
 


E-Detective - Internet Forensics & Crime Investigation Device
E-Detective is a one-way interception machine installed on a network to trace network crime. By copying the contents of the network communication to a collection system, E-Detective avoids any interruptions in the normal operation of the network. The collection system filters out data not approved by a court of law. The data can be saved on the equipment for investigation and legal purposes.

I. Front-end Sensor
The Front-end sensor separates network packets for specific IP addresses, which can be set in accordance with a user's demand, and can also provide a packet retrieval and decoding system for packet recording and protocol decoding. The Front-end sensor has two optical ports and two 10/100/1000Mbps ports.


Front-end Sensor for E-Detective

1- Network packets and the conditions for separating IP addresses can be set according to the user's demand, including designation of IP address, protocol, domain name, MAC address, and port number to be recorded. These conditions can target a source address and/or destination address.

2- Partial Match can be used to set the conditions of an IP address and specific protocol. For example:
    a. Value 10.255.254.18
    b. Range 10.255.*.*

3- Packets can be saved in advance to individually separate IP, protocol, port number, domain name, and MAC address according to flow command.

4- Packet retrieval and decoding systems can be linked without affecting file transfer.

5- All packet network layers can be transferred for troubleshooting.

6- An input port doesn't get assigned an IP address.




II. Packet Retrieve and Encoding System

This system includes packet recording, decoding, retrieve, and export. Specifications are as follows:
 (1) Packet Recording
   1. Network communication can be linked to authenticate front-end sensors so that packet recording can be performed without affecting file transfer.
   2. The 10/100/1000Mbps rate for packet recording must be provided under different network environments.
   3. Packets with tcpdump must be provided to save in accordance with minute, hour, day, and size.
   4. Packet format is standardized and exported with .tcpdump for reading of other software, such as Ethereal.
   5. A graphic user interface (GUI) is provided to burn packet files to CD media.


 (2) Packet Encoding and Retrieve
   1. The contents of the original packet can be retrieved.
   2. An interface is provided to import files with .tcpdump and decodes the contents of the packet.
   3. Protocol packets are decoded as follows:
      a. Web browser and e-mail (HTTP/URL), including Yahoo, Hotmail, Hinet, Seednet, URL, PCHome, Sina, and Yam. Decoding of contents and attached files.
      b. Post Office Protocol/Simple Mail Transfer Protocol (POP3/SMTP): When a sender sends an e-mail with confidential attachments, the e-mail address will be displayed during monitoring of the receiver's information. Decoding of receiver's and sender's e-mail addresses, passwords, mail content (including headers), and attached files.
      c. File Transfer Protocol (FTP): Decodes account number, password, and file restoration.
      d. Remote Login (Telnet): Decodes account number, password, and content.
      e. Instant Messaging (IM): Includes MSN 5.0, 6.0, 6.1, 7.0, 7.5, Yahoo Messenger, ICQ, and AOL Messenger.
      f. MSN and Yahoo VOIP/Web Cam: conversion restoration along with resolution of source and destination address.

 (3) Decoding Export
   1. A user can retrieve and export the results of packet decoding according to IP, communication date, type, and content (text retrieve).
   2. Each export condition can be exported to one directory including website files for decoding.
   3. A CD burning program is provided to record the export directories. "Portable Server" is used to burn the CDs.

  Hardware Specifications for Front-end Sensor

 1. Intel Pentium 4 Processor 3.2GHz or higher
 2. 2 or more DIMM sockets
 3. 2 or more PCI slots
 4. 4GB or more of main memory
 5. 2 USB ports
 6. 2 IDE 200GB or higher Hard Drives
 7. VGA Card: 64MB or higher
 8. Built-in speakers
 9. Ethernet Card: 2 optical NIC or greater
 10. Ethernet Card: 2 10/100/1000Mbps Ethernet ports (Intel Pro/100 MT Dual Port Server Adapter PCI-X)
 11. CD Burner: 52/24/52x or Faster
 12. 19" Rack-compliant with industrial standards
  Packet Retrieve and Encoding System Host

 1. Intel Xeon 3.2GHz Processor or higher
 2. Motherboard:
    (1) Support for Intel Xeon 3.2GHz or higher
    (2) 2 DIMM sockets or greater
    (3) 3 or more PCI slots
 3. Main Memory: 2 GB or more
 4. 2 USB ports
 5. 2- 200 GB or greater Hard Drives
 6. VGA Card: 64MB or higher
 7. Built-in Speakers
 8. Ethernet: 2 10/100/1000 Ethernet Ports
 9. CD Burner: 52/24/52x or Faster
 10. Cooling Fan
 11. Power Supply: 400W or more
 12. 19" Rack-compliant with industrial standards

 Copyright © LC Technology, Inc, 2007. All Rights Reserved